From e0e53288b9019d2540557f0c0e48ae217b9a4fc3 Mon Sep 17 00:00:00 2001 From: Yifan Hong Date: Thu, 23 Sep 2021 18:37:21 -0700 Subject: binder: make libbinder_tls_test_utils ... by combining various RpcAuth / RpcCertificateVerifier implementations for tests. This allows us to move more TLS test utils to this library. Test: pass Bug: 195598155 Change-Id: Ic7861ac9585c6fc2bbceef7322fb18db4d2e2d11 --- libs/binder/tests/Android.bp | 38 ++++++- libs/binder/tests/RpcAuthTesting.cpp | 83 --------------- libs/binder/tests/RpcAuthTesting.h | 49 --------- libs/binder/tests/RpcCertificateVerifierSimple.cpp | 53 --------- libs/binder/tests/RpcCertificateVerifierSimple.h | 53 --------- libs/binder/tests/RpcTlsTestUtils.cpp | 118 +++++++++++++++++++++ libs/binder/tests/RpcTlsUtilsTest.cpp | 3 +- libs/binder/tests/binderRpcBenchmark.cpp | 3 +- libs/binder/tests/binderRpcTest.cpp | 3 +- .../binder/RpcTlsTestUtils.h | 78 ++++++++++++++ 10 files changed, 233 insertions(+), 248 deletions(-) delete mode 100644 libs/binder/tests/RpcAuthTesting.cpp delete mode 100644 libs/binder/tests/RpcAuthTesting.h delete mode 100644 libs/binder/tests/RpcCertificateVerifierSimple.cpp delete mode 100644 libs/binder/tests/RpcCertificateVerifierSimple.h create mode 100644 libs/binder/tests/RpcTlsTestUtils.cpp create mode 100644 libs/binder/tests/include_tls_test_utils/binder/RpcTlsTestUtils.h (limited to 'libs') diff --git a/libs/binder/tests/Android.bp b/libs/binder/tests/Android.bp index 71c0e86460..680f0edd51 100644 --- a/libs/binder/tests/Android.bp +++ b/libs/binder/tests/Android.bp @@ -134,6 +134,37 @@ aidl_interface { }, } +cc_library_static { + name: "libbinder_tls_test_utils", + host_supported: true, + target: { + darwin: { + enabled: false, + }, + }, + defaults: [ + "binder_test_defaults", + "libbinder_tls_shared_deps", + ], + shared_libs: [ + "libbinder", + "libbase", + "liblog", + ], + static_libs: [ + "libbinder_tls_static", + ], + srcs: [ + "RpcTlsTestUtils.cpp", + ], + export_include_dirs: [ + "include_tls_test_utils", + ], + visibility: [ + ":__subpackages__", + ], +} + cc_test { name: "binderRpcTest", host_supported: true, @@ -153,8 +184,6 @@ cc_test { srcs: [ "binderRpcTest.cpp", - "RpcAuthTesting.cpp", - "RpcCertificateVerifierSimple.cpp", ], shared_libs: [ "libbinder", @@ -166,6 +195,7 @@ cc_test { ], static_libs: [ "libbinder_tls_static", + "libbinder_tls_test_utils", "binderRpcTestIface-cpp", "binderRpcTestIface-ndk", ], @@ -189,7 +219,6 @@ cc_test { "libbinder_tls_shared_deps", ], srcs: [ - "RpcAuthTesting.cpp", "RpcTlsUtilsTest.cpp", ], shared_libs: [ @@ -199,6 +228,7 @@ cc_test { "liblog", ], static_libs: [ + "libbinder_tls_test_utils", "libbinder_tls_static", ], test_suites: ["general-tests", "device-tests"], @@ -219,7 +249,6 @@ cc_benchmark { srcs: [ "binderRpcBenchmark.cpp", "IBinderRpcBenchmark.aidl", - "RpcAuthTesting.cpp", ], shared_libs: [ "libbase", @@ -228,6 +257,7 @@ cc_benchmark { "libutils", ], static_libs: [ + "libbinder_tls_test_utils", "libbinder_tls_static", ], } diff --git a/libs/binder/tests/RpcAuthTesting.cpp b/libs/binder/tests/RpcAuthTesting.cpp deleted file mode 100644 index c0587a2367..0000000000 --- a/libs/binder/tests/RpcAuthTesting.cpp +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (C) 2021 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "RpcAuthTesting.h" -#include "../Utils.h" // for TEST_AND_RETURN - -namespace android { - -bssl::UniquePtr makeKeyPairForSelfSignedCert() { - bssl::UniquePtr ec_key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); - if (ec_key == nullptr || !EC_KEY_generate_key(ec_key.get())) { - ALOGE("Failed to generate key pair."); - return nullptr; - } - bssl::UniquePtr pkey(EVP_PKEY_new()); - // Use set1 instead of assign to avoid leaking ec_key when assign fails. set1 increments - // the refcount of the ec_key, so it is okay to release it at the end of this function. - if (pkey == nullptr || !EVP_PKEY_set1_EC_KEY(pkey.get(), ec_key.get())) { - ALOGE("Failed to assign key pair."); - return nullptr; - } - return pkey; -} - -bssl::UniquePtr makeSelfSignedCert(EVP_PKEY* pkey, const uint32_t validSeconds) { - bssl::UniquePtr x509(X509_new()); - bssl::UniquePtr serial(BN_new()); - bssl::UniquePtr serialLimit(BN_new()); - TEST_AND_RETURN(nullptr, BN_lshift(serialLimit.get(), BN_value_one(), 128)); - TEST_AND_RETURN(nullptr, BN_rand_range(serial.get(), serialLimit.get())); - TEST_AND_RETURN(nullptr, BN_to_ASN1_INTEGER(serial.get(), X509_get_serialNumber(x509.get()))); - TEST_AND_RETURN(nullptr, X509_gmtime_adj(X509_getm_notBefore(x509.get()), 0)); - TEST_AND_RETURN(nullptr, X509_gmtime_adj(X509_getm_notAfter(x509.get()), validSeconds)); - - X509_NAME* subject = X509_get_subject_name(x509.get()); - TEST_AND_RETURN(nullptr, - X509_NAME_add_entry_by_txt(subject, "O", MBSTRING_ASC, - reinterpret_cast("Android"), -1, -1, - 0)); - TEST_AND_RETURN(nullptr, - X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC, - reinterpret_cast("BinderRPC"), -1, - -1, 0)); - TEST_AND_RETURN(nullptr, X509_set_issuer_name(x509.get(), subject)); - - TEST_AND_RETURN(nullptr, X509_set_pubkey(x509.get(), pkey)); - TEST_AND_RETURN(nullptr, X509_sign(x509.get(), pkey, EVP_sha256())); - return x509; -} - -status_t RpcAuthSelfSigned::configure(SSL_CTX* ctx) { - auto pkey = makeKeyPairForSelfSignedCert(); - TEST_AND_RETURN(UNKNOWN_ERROR, pkey != nullptr); - auto cert = makeSelfSignedCert(pkey.get(), mValidSeconds); - TEST_AND_RETURN(UNKNOWN_ERROR, cert != nullptr); - TEST_AND_RETURN(INVALID_OPERATION, SSL_CTX_use_PrivateKey(ctx, pkey.get())); - TEST_AND_RETURN(INVALID_OPERATION, SSL_CTX_use_certificate(ctx, cert.get())); - return OK; -} - -status_t RpcAuthPreSigned::configure(SSL_CTX* ctx) { - if (!SSL_CTX_use_PrivateKey(ctx, mPkey.get())) { - return INVALID_OPERATION; - } - if (!SSL_CTX_use_certificate(ctx, mCert.get())) { - return INVALID_OPERATION; - } - return OK; -} - -} // namespace android diff --git a/libs/binder/tests/RpcAuthTesting.h b/libs/binder/tests/RpcAuthTesting.h deleted file mode 100644 index c3c2df4c29..0000000000 --- a/libs/binder/tests/RpcAuthTesting.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (C) 2021 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -#include - -namespace android { - -constexpr const uint32_t kCertValidSeconds = 30 * (60 * 60 * 24); // 30 days -bssl::UniquePtr makeKeyPairForSelfSignedCert(); -bssl::UniquePtr makeSelfSignedCert(EVP_PKEY* pKey, uint32_t validSeconds); - -// An implementation of RpcAuth that generates a key pair and a self-signed -// certificate every time configure() is called. -class RpcAuthSelfSigned : public RpcAuth { -public: - RpcAuthSelfSigned(uint32_t validSeconds = kCertValidSeconds) : mValidSeconds(validSeconds) {} - status_t configure(SSL_CTX* ctx) override; - -private: - const uint32_t mValidSeconds; -}; - -class RpcAuthPreSigned : public RpcAuth { -public: - RpcAuthPreSigned(bssl::UniquePtr pkey, bssl::UniquePtr cert) - : mPkey(std::move(pkey)), mCert(std::move(cert)) {} - status_t configure(SSL_CTX* ctx) override; - -private: - bssl::UniquePtr mPkey; - bssl::UniquePtr mCert; -}; - -} // namespace android diff --git a/libs/binder/tests/RpcCertificateVerifierSimple.cpp b/libs/binder/tests/RpcCertificateVerifierSimple.cpp deleted file mode 100644 index 1f74adc465..0000000000 --- a/libs/binder/tests/RpcCertificateVerifierSimple.cpp +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (C) 2021 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#define LOG_TAG "RpcCertificateVerifierSimple" -#include - -#include - -#include "RpcCertificateVerifierSimple.h" - -namespace android { - -status_t RpcCertificateVerifierSimple::verify(const SSL* ssl, uint8_t* outAlert) { - const char* logPrefix = SSL_is_server(ssl) ? "Server" : "Client"; - bssl::UniquePtr peerCert(SSL_get_peer_certificate(ssl)); // Does not set error queue - LOG_ALWAYS_FATAL_IF(peerCert == nullptr, - "%s: libssl should not ask to verify non-existing cert", logPrefix); - - std::lock_guard lock(mMutex); - for (const auto& trustedCert : mTrustedPeerCertificates) { - if (0 == X509_cmp(trustedCert.get(), peerCert.get())) { - return OK; - } - } - *outAlert = SSL_AD_CERTIFICATE_UNKNOWN; - return PERMISSION_DENIED; -} - -status_t RpcCertificateVerifierSimple::addTrustedPeerCertificate(RpcCertificateFormat format, - const std::vector& cert) { - bssl::UniquePtr x509 = deserializeCertificate(cert, format); - if (x509 == nullptr) { - ALOGE("Certificate is not in the proper format %s", PrintToString(format).c_str()); - return BAD_VALUE; - } - std::lock_guard lock(mMutex); - mTrustedPeerCertificates.push_back(std::move(x509)); - return OK; -} - -} // namespace android diff --git a/libs/binder/tests/RpcCertificateVerifierSimple.h b/libs/binder/tests/RpcCertificateVerifierSimple.h deleted file mode 100644 index bdb2426df7..0000000000 --- a/libs/binder/tests/RpcCertificateVerifierSimple.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (C) 2021 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -#include -#include -#include - -#include - -#include -#include - -namespace android { - -// A simple certificate verifier for testing. -// Keep a list of leaf certificates as trusted. No certificate chain support. -// -// All APIs are thread-safe. However, if verify() and addTrustedPeerCertificate() are called -// simultaneously in different threads, it is not deterministic whether verify() will use the -// certificate being added. -class RpcCertificateVerifierSimple : public RpcCertificateVerifier { -public: - status_t verify(const SSL*, uint8_t*) override; - - // Add a trusted peer certificate. Peers presenting this certificate are accepted. - // - // Caller must ensure that RpcTransportCtx::newTransport() are called after all trusted peer - // certificates are added. Otherwise, RpcTransport-s created before may not trust peer - // certificates added later. - [[nodiscard]] status_t addTrustedPeerCertificate(RpcCertificateFormat format, - const std::vector& cert); - -private: - std::mutex mMutex; // for below - std::vector> mTrustedPeerCertificates; -}; - -} // namespace android diff --git a/libs/binder/tests/RpcTlsTestUtils.cpp b/libs/binder/tests/RpcTlsTestUtils.cpp new file mode 100644 index 0000000000..6119313e78 --- /dev/null +++ b/libs/binder/tests/RpcTlsTestUtils.cpp @@ -0,0 +1,118 @@ +/* + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define LOG_TAG "RpcTlsTestUtils" +#include + +#include + +#include + +#include "../Utils.h" // for TEST_AND_RETURN + +namespace android { + +bssl::UniquePtr makeKeyPairForSelfSignedCert() { + bssl::UniquePtr ec_key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + if (ec_key == nullptr || !EC_KEY_generate_key(ec_key.get())) { + ALOGE("Failed to generate key pair."); + return nullptr; + } + bssl::UniquePtr pkey(EVP_PKEY_new()); + // Use set1 instead of assign to avoid leaking ec_key when assign fails. set1 increments + // the refcount of the ec_key, so it is okay to release it at the end of this function. + if (pkey == nullptr || !EVP_PKEY_set1_EC_KEY(pkey.get(), ec_key.get())) { + ALOGE("Failed to assign key pair."); + return nullptr; + } + return pkey; +} + +bssl::UniquePtr makeSelfSignedCert(EVP_PKEY* pkey, const uint32_t validSeconds) { + bssl::UniquePtr x509(X509_new()); + bssl::UniquePtr serial(BN_new()); + bssl::UniquePtr serialLimit(BN_new()); + TEST_AND_RETURN(nullptr, BN_lshift(serialLimit.get(), BN_value_one(), 128)); + TEST_AND_RETURN(nullptr, BN_rand_range(serial.get(), serialLimit.get())); + TEST_AND_RETURN(nullptr, BN_to_ASN1_INTEGER(serial.get(), X509_get_serialNumber(x509.get()))); + TEST_AND_RETURN(nullptr, X509_gmtime_adj(X509_getm_notBefore(x509.get()), 0)); + TEST_AND_RETURN(nullptr, X509_gmtime_adj(X509_getm_notAfter(x509.get()), validSeconds)); + + X509_NAME* subject = X509_get_subject_name(x509.get()); + TEST_AND_RETURN(nullptr, + X509_NAME_add_entry_by_txt(subject, "O", MBSTRING_ASC, + reinterpret_cast("Android"), -1, -1, + 0)); + TEST_AND_RETURN(nullptr, + X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC, + reinterpret_cast("BinderRPC"), -1, + -1, 0)); + TEST_AND_RETURN(nullptr, X509_set_issuer_name(x509.get(), subject)); + + TEST_AND_RETURN(nullptr, X509_set_pubkey(x509.get(), pkey)); + TEST_AND_RETURN(nullptr, X509_sign(x509.get(), pkey, EVP_sha256())); + return x509; +} + +status_t RpcAuthSelfSigned::configure(SSL_CTX* ctx) { + auto pkey = makeKeyPairForSelfSignedCert(); + TEST_AND_RETURN(UNKNOWN_ERROR, pkey != nullptr); + auto cert = makeSelfSignedCert(pkey.get(), mValidSeconds); + TEST_AND_RETURN(UNKNOWN_ERROR, cert != nullptr); + TEST_AND_RETURN(INVALID_OPERATION, SSL_CTX_use_PrivateKey(ctx, pkey.get())); + TEST_AND_RETURN(INVALID_OPERATION, SSL_CTX_use_certificate(ctx, cert.get())); + return OK; +} + +status_t RpcAuthPreSigned::configure(SSL_CTX* ctx) { + if (!SSL_CTX_use_PrivateKey(ctx, mPkey.get())) { + return INVALID_OPERATION; + } + if (!SSL_CTX_use_certificate(ctx, mCert.get())) { + return INVALID_OPERATION; + } + return OK; +} + +status_t RpcCertificateVerifierSimple::verify(const SSL* ssl, uint8_t* outAlert) { + const char* logPrefix = SSL_is_server(ssl) ? "Server" : "Client"; + bssl::UniquePtr peerCert(SSL_get_peer_certificate(ssl)); // Does not set error queue + LOG_ALWAYS_FATAL_IF(peerCert == nullptr, + "%s: libssl should not ask to verify non-existing cert", logPrefix); + + std::lock_guard lock(mMutex); + for (const auto& trustedCert : mTrustedPeerCertificates) { + if (0 == X509_cmp(trustedCert.get(), peerCert.get())) { + return OK; + } + } + *outAlert = SSL_AD_CERTIFICATE_UNKNOWN; + return PERMISSION_DENIED; +} + +status_t RpcCertificateVerifierSimple::addTrustedPeerCertificate(RpcCertificateFormat format, + const std::vector& cert) { + bssl::UniquePtr x509 = deserializeCertificate(cert, format); + if (x509 == nullptr) { + ALOGE("Certificate is not in the proper format %s", PrintToString(format).c_str()); + return BAD_VALUE; + } + std::lock_guard lock(mMutex); + mTrustedPeerCertificates.push_back(std::move(x509)); + return OK; +} + +} // namespace android diff --git a/libs/binder/tests/RpcTlsUtilsTest.cpp b/libs/binder/tests/RpcTlsUtilsTest.cpp index 9b3078d5d9..530606c44a 100644 --- a/libs/binder/tests/RpcTlsUtilsTest.cpp +++ b/libs/binder/tests/RpcTlsUtilsTest.cpp @@ -14,11 +14,10 @@ * limitations under the License. */ +#include #include #include -#include "RpcAuthTesting.h" - namespace android { std::string toDebugString(EVP_PKEY* pkey) { diff --git a/libs/binder/tests/binderRpcBenchmark.cpp b/libs/binder/tests/binderRpcBenchmark.cpp index 0477d50395..f8b168609c 100644 --- a/libs/binder/tests/binderRpcBenchmark.cpp +++ b/libs/binder/tests/binderRpcBenchmark.cpp @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -37,8 +38,6 @@ #include #include -#include "RpcAuthTesting.h" - using android::BBinder; using android::defaultServiceManager; using android::IBinder; diff --git a/libs/binder/tests/binderRpcTest.cpp b/libs/binder/tests/binderRpcTest.cpp index 0e7e25913b..45c7b71a4c 100644 --- a/libs/binder/tests/binderRpcTest.cpp +++ b/libs/binder/tests/binderRpcTest.cpp @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include @@ -51,8 +52,6 @@ #include "../RpcSocketAddress.h" // for testing preconnected clients #include "../RpcState.h" // for debugging #include "../vm_sockets.h" // for VMADDR_* -#include "RpcAuthTesting.h" -#include "RpcCertificateVerifierSimple.h" using namespace std::chrono_literals; using namespace std::placeholders; diff --git a/libs/binder/tests/include_tls_test_utils/binder/RpcTlsTestUtils.h b/libs/binder/tests/include_tls_test_utils/binder/RpcTlsTestUtils.h new file mode 100644 index 0000000000..e65883ddbc --- /dev/null +++ b/libs/binder/tests/include_tls_test_utils/binder/RpcTlsTestUtils.h @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include + +#include +#include +#include +#include +#include + +namespace android { + +constexpr const uint32_t kCertValidSeconds = 30 * (60 * 60 * 24); // 30 days +bssl::UniquePtr makeKeyPairForSelfSignedCert(); +bssl::UniquePtr makeSelfSignedCert(EVP_PKEY* pKey, uint32_t validSeconds); + +// An implementation of RpcAuth that generates a key pair and a self-signed +// certificate every time configure() is called. +class RpcAuthSelfSigned : public RpcAuth { +public: + RpcAuthSelfSigned(uint32_t validSeconds = kCertValidSeconds) : mValidSeconds(validSeconds) {} + status_t configure(SSL_CTX* ctx) override; + +private: + const uint32_t mValidSeconds; +}; + +class RpcAuthPreSigned : public RpcAuth { +public: + RpcAuthPreSigned(bssl::UniquePtr pkey, bssl::UniquePtr cert) + : mPkey(std::move(pkey)), mCert(std::move(cert)) {} + status_t configure(SSL_CTX* ctx) override; + +private: + bssl::UniquePtr mPkey; + bssl::UniquePtr mCert; +}; + +// A simple certificate verifier for testing. +// Keep a list of leaf certificates as trusted. No certificate chain support. +// +// All APIs are thread-safe. However, if verify() and addTrustedPeerCertificate() are called +// simultaneously in different threads, it is not deterministic whether verify() will use the +// certificate being added. +class RpcCertificateVerifierSimple : public RpcCertificateVerifier { +public: + status_t verify(const SSL*, uint8_t*) override; + + // Add a trusted peer certificate. Peers presenting this certificate are accepted. + // + // Caller must ensure that RpcTransportCtx::newTransport() are called after all trusted peer + // certificates are added. Otherwise, RpcTransport-s created before may not trust peer + // certificates added later. + [[nodiscard]] status_t addTrustedPeerCertificate(RpcCertificateFormat format, + const std::vector& cert); + +private: + std::mutex mMutex; // for below + std::vector> mTrustedPeerCertificates; +}; + +} // namespace android -- cgit v1.2.3-59-g8ed1b From 9809add5c7dbbff1f25dd43c5f53d8ed8b7df91a Mon Sep 17 00:00:00 2001 From: Yifan Hong Date: Thu, 23 Sep 2021 19:06:58 -0700 Subject: binder: Move no-verify test objects to libbinder_tls_test_utils ... so that it can be used in fuzzer. Test: pass Bug: 195598155 Change-Id: If71af5f70b2477b93d692878d59d98cfe3aaec14 --- libs/binder/tests/binderRpcBenchmark.cpp | 10 +++------- .../tests/include_tls_test_utils/binder/RpcTlsTestUtils.h | 8 ++++++++ 2 files changed, 11 insertions(+), 7 deletions(-) (limited to 'libs') diff --git a/libs/binder/tests/binderRpcBenchmark.cpp b/libs/binder/tests/binderRpcBenchmark.cpp index f8b168609c..6bf6e9287f 100644 --- a/libs/binder/tests/binderRpcBenchmark.cpp +++ b/libs/binder/tests/binderRpcBenchmark.cpp @@ -49,6 +49,7 @@ using android::ProcessState; using android::RpcAuthPreSigned; using android::RpcCertificateFormat; using android::RpcCertificateVerifier; +using android::RpcCertificateVerifierNoOp; using android::RpcServer; using android::RpcSession; using android::RpcTransportCtxFactory; @@ -89,13 +90,6 @@ static const std::initializer_list kTransportList = { Transport::RPC_TLS, }; -// Certificate validation happens during handshake and does not affect the result of benchmarks. -// Skip certificate validation to simplify the setup process. -class RpcCertificateVerifierNoOp : public RpcCertificateVerifier { -public: - status_t verify(const SSL*, uint8_t*) override { return OK; } -}; - std::unique_ptr makeFactoryTls() { auto pkey = android::makeKeyPairForSelfSignedCert(); CHECK_NE(pkey.get(), nullptr); @@ -108,6 +102,8 @@ std::unique_ptr makeFactoryTls() { } static sp gSession = RpcSession::make(); +// Certificate validation happens during handshake and does not affect the result of benchmarks. +// Skip certificate validation to simplify the setup process. static sp gSessionTls = RpcSession::make(makeFactoryTls()); #ifdef __BIONIC__ static const String16 kKernelBinderInstance = String16(u"binderRpcBenchmark-control"); diff --git a/libs/binder/tests/include_tls_test_utils/binder/RpcTlsTestUtils.h b/libs/binder/tests/include_tls_test_utils/binder/RpcTlsTestUtils.h index e65883ddbc..cbf11bf50d 100644 --- a/libs/binder/tests/include_tls_test_utils/binder/RpcTlsTestUtils.h +++ b/libs/binder/tests/include_tls_test_utils/binder/RpcTlsTestUtils.h @@ -16,11 +16,13 @@ #pragma once +#include #include #include #include #include +#include #include #include @@ -75,4 +77,10 @@ private: std::vector> mTrustedPeerCertificates; }; +// A RpcCertificateVerifier that does not verify anything. +class RpcCertificateVerifierNoOp : public RpcCertificateVerifier { +public: + status_t verify(const SSL*, uint8_t*) override { return OK; } +}; + } // namespace android -- cgit v1.2.3-59-g8ed1b